The campus has recently been targeted by malicious emails that impersonate campus colleagues in an attempt to receive gift cards or other types of payments. One such email appeared to come from a colleague in an upper-level management position and requested that the recipient buy gift cards and send pictures showing the PIN. If you receive a suspicious email from a colleague, rather than reply to the email, you should first contact the colleague via their published campus phone number which can be found here https://www.colorado.edu/search.
If you did reply to one of these emails and provided financial information or other personal information, please call the IT Service Center at 303-735-4357 during normal business hours. You are also welcome to alert OIT of suspicious emails by attaching them to a new email addressed to phish@colorado.edu. For more information about the IT Service Center, including hours, visit www.colorado.edu/oit/support/it-service-center.
Following is an example of one of the malicious messages:
___________________________
Subject: RE: Are you on campus
Hi Jim,
What I need is Google Play Gift card of $500 face value, I need 2 of this amounting to $1000.I need you to get the physical card, then you scratch the back out and take a picture of them, attach the pictures showing the pin and email it to me here. How soon can you get this done?
Regards,
Susan
Sent from my iPhone
___________________________
Be Aware
- If you ever receive a suspicious email, do not reply or click any links or open attachments.
- You might receive a phishing email from someone you know, particularly if that person’s account has been compromised through a phishing attack.
- It’s good practice to never click a link in an email. Instead, open a web browser and type the website address or search for it using a legitimate search engine.
Learn More
- OIT Security Awareness: www.colorado.edu/oit/it-security/security-awareness/phishing.
- Identity Theft Help: www.colorado.edu/oit/it-security/security-awareness/privacy-identity-theft.
Although the university uses technology to block malicious emails and phishing websites, this technology is no substitute for being a conscientious Internet user. You can report messages that you believe might be phishing attempts by going to www.colorado.edu/oit/it-security/phishing-emails/report-suspicious-messages. There you will also find a link to a site that lists recently reported phishing attempts (www.colorado.edu/oit/it-security/email-phishing).
If you ever have questions about the legitimacy of a message, you are welcome to contact the IT Service Center at help@colorado.edu or 303-735-4357 (5-HELP from a campus phone). Email and phone help is available Mondays through Fridays 7:30 a.m. to 7:00 p.m.; and Saturdays and Sundays, noon to 6:00 p.m. Please be aware that our call center is closed today due to winter weather conditions, but you can reach us at help@colorado.edu. Learn more at www.colorado.edu/oit/service-center.